l themes: make wayland compatible

kartei/jan/default.nix

@@ -0,0 +1,89 @@
+{ config, ... }: let
+  lib = import ../../lib;
+in {
+
+  users.jan = {
+    mail = "jan.heidbrink@posteo.de";
+  };
+
+  hosts.toastbrot = {
+     owner = config.krebs.users.jan;
+     nets = {
+      retiolum = {
+        ip4.addr = "10.243.117.12";
+        aliases = [
+          "toastbrot.r"
+        ];
+        tinc.pubkey = ''
+          -----BEGIN PUBLIC KEY-----
+          MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA12VLPJMhGSh5fQgrB6bP
+          2H1eew0/7t1xr3oJ3uaTZd7UIvPQ/aA5pB9xL5s+BIBvRa5P3QFWUAVhqchsPiRc
+          yC4awLvo6zrUZB3pJBFiUuThx1xzmazTbRNyJ0E3Dwi2VSp3dAi5xEwHSVDSElGj
+          DyRrdwyLe9lKghGHgNhB01QAt1/AO3A/TBs2RS/E0kuPhVQzpo5Ae5I530Cr0pf3
+          r/de1TdArIcOfnTvW7WNrdBhwLq14cfdXkZwJ2bBE9Q22FAJp5k21PW5dQ41oDuT
+          PYHZIH555sxifMThrUpuNHIrDtIQk6D+Km90WNf/lBGwZqQr/B5G6zSNX7d/0JbY
+          Hi8Ltq++Sf0XgWNir9+evGNLCBqAXdvQFrj2l7BuNywE0L2nZThnxjTxP6QLFnqO
+          IXY97x3p7AYcfmVFutfYqYM1HdyyehF711hhm30fdcXHsJ+GpQgGrj67+++N7g7g
+          fjWBGNI9EL9CyTZ/N9U3TGeoxooc1BSaAiHmaPoYaAeI0Y/W6bNrixpL3aI5X8MH
+          Flen2y2XEk2n+pXozPDbLAT+MZ3sWwODDYRc8zGbV2RlMvL94LHh95/JC0itdXa3
+          uNRDtSnfbNe4eHw9/HMDkclhywuE+hbyq+JNNodqLwG/o1/r3GI+ggOyCdZHjF4B
+          4R8QXUJiqUdcbR3WQDR5i10CAwEAAQ==
+          -----END PUBLIC KEY-----
+        '';
+      };
+    };
+  };
+
+  hosts.petrosilia = {
+    owner = config.krebs.users.jan;
+    nets = {
+      retiolum = {
+        ip4.addr = "10.243.143.11";
+        aliases = [
+          "petrosilia.r"
+        ];
+        tinc.pubkey = ''
+          -----BEGIN RSA PUBLIC KEY-----
+          MIICCgKCAgEAxDumQ/06Yd3AQPSlHH9/kNngbc/tq5yBuT0ymbQGMHLL9X3pCz/f
+          y9GZVpQtaKm7EZ0Kj8ieaPOyG7BItH0AvTdSJV7rn4WKuKfe5E5S4E8YqsZfSu4N
+          IdEKVIisyBNCklXaDn6A7nxeUauwHQHuj0wOAnYKfaU+2haL+JzcFtQ1RpxDBsy1
+          FbcEXO5NOhsXK4mHjtRrK1GamnCo5gvJU3w1NrfLRXteOOBsR49HhTIWvi8L4tSf
+          fd/mFwWayB7D0feLhWBpMPQTa5TeeQPxhgJrlIwXJiONG8GWFWNCHEjbQaCuJJWn
+          e37n9xCpdH867P921Ei+gyKZi9t6d+U4blrCpQzIe95t8Uv0i2c+YNt9NQL5Z119
+          jt/Xhm7ccT9FeOuYsbjcO6g0BJumILEjD309vfQfWNims++vMd53q3dzxp4Kau+f
+          vdMyrzWiIytM+/iQmneG8XLv0b7I6FUPEahpCncZ14NqBDaKclwoJ/HfB+WZi6JV
+          yBVJHm9vogfzD1sLmDctHps3uJAeZHzszws8LMKdd5JxxQzVBRcrD1LKHYmmUYTU
+          5gyDxnFn8ZoZ3GFVH+5v2PJgZY++/6zdDxQ9flrdt2zRaoAq2Zayn7R8sQ/ZjMXK
+          eR8aXgHzEL/n/9BMKs+jLu3j8xaiJX8ctnRvwSnOFjU9wQvJ7QNQHk0CAwEAAQ==
+          -----END RSA PUBLIC KEY-----
+        '';
+        tinc.pubkey_ed25519 = "Rs5jdJk/YF4aXohp3isau4LHinD4VWlvSa9CcgznR+A";
+      };
+    };
+  };
+
+  hosts.grill = {
+    owner = config.krebs.users.jan;
+    nets.retiolum = {
+      aliases = [ "grill.r" ];
+      ip4.addr = "10.243.217.217";
+      ip6.addr = (lib.krebs.genipv6 "retiolum" "jan" { hostName = "grill"; }).address;
+      tinc.pubkey = ''
+        -----BEGIN RSA PUBLIC KEY-----
+        MIICCgKCAgEAs4P6CfRcwFGCqkfv1tyTbbk2eHh08kEqxPNQ655sMKWxMhgRnRII
+        1ooJW+q3zOm0P4IySvQkqPCXiynPBKG+W8vz6as4/TjMgqz45zTSZaoGsUjPS7Yg
+        L9qN6bLNJUhjPtyBBIX5l+WSii2RkbtcFTewY9HITPgOvu5rSiYgdz1X86BDTy0w
+        E6g13jwjI0D29jFAXIIfSwfvqikHmicr++3R4URPTiY7Vcg3UtIYGaKEFTPid0Da
+        bd47ZNWI99CI5Znzd4aJSD+0lfD6+EZb4nQ2o/VZ5RRUid9qWKHu5pbXvPrwE5uC
+        TWtsP1nla+zx1nDD2UHt0bJzdfz4sEFrmLHBqsdvfgAlVvVr65ZMIOO5X0fevHi4
+        s3jqYPMLksimuQjHCXYcgxfBYkVPuVWqDivOV8Z60UhAop5xK9i+FV4kyTgL+qmH
+        79VAy8+2Wrzda/MBVFF+0XAryBtqFgk5JtmfRKJ5rcXFy9hnugmfulOC0+XFPFbN
+        cNLbPR/dwON6YIg90z0wwJfPoWwzj3jKwT7YZ/pYSEl0JDgkpTzCxiBbqpJ/r8CZ
+        2avRws5YMVnLcuY1IFlNLJdUZdz+41zmPizIP0dAdrwDH56AJkTukESf1Ir6G2NT
+        isn3pijKy4Y/EbWnJiQpEKDfNh8JW1Ryw1zvNYKYR3OAImp3DgsWmeECAwEAAQ==
+        -----END RSA PUBLIC KEY-----
+      '';
+      tinc.pubkey_ed25519 = "cqfMY/8kqtuM5wIzYMNfFIc47Jx1nnfV0//SMpsO61G";
+    };
+  };
+}

kartei/lass/prism.nix

@@ -71,6 +71,7 @@ rec {
         "c.r"
         "p.r"
         "search.r"
+        "wallpaper.r"
       ];
       tinc = {
         pubkey = ''

kartei/others/default.nix

@@ -286,60 +286,6 @@ in {
         };
       };
     };
-    toastbrot = {
-      owner = config.krebs.users.jan;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.117.12";
-          aliases = [
-            "toastbrot.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN PUBLIC KEY-----
-            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA12VLPJMhGSh5fQgrB6bP
-            2H1eew0/7t1xr3oJ3uaTZd7UIvPQ/aA5pB9xL5s+BIBvRa5P3QFWUAVhqchsPiRc
-            yC4awLvo6zrUZB3pJBFiUuThx1xzmazTbRNyJ0E3Dwi2VSp3dAi5xEwHSVDSElGj
-            DyRrdwyLe9lKghGHgNhB01QAt1/AO3A/TBs2RS/E0kuPhVQzpo5Ae5I530Cr0pf3
-            r/de1TdArIcOfnTvW7WNrdBhwLq14cfdXkZwJ2bBE9Q22FAJp5k21PW5dQ41oDuT
-            PYHZIH555sxifMThrUpuNHIrDtIQk6D+Km90WNf/lBGwZqQr/B5G6zSNX7d/0JbY
-            Hi8Ltq++Sf0XgWNir9+evGNLCBqAXdvQFrj2l7BuNywE0L2nZThnxjTxP6QLFnqO
-            IXY97x3p7AYcfmVFutfYqYM1HdyyehF711hhm30fdcXHsJ+GpQgGrj67+++N7g7g
-            fjWBGNI9EL9CyTZ/N9U3TGeoxooc1BSaAiHmaPoYaAeI0Y/W6bNrixpL3aI5X8MH
-            Flen2y2XEk2n+pXozPDbLAT+MZ3sWwODDYRc8zGbV2RlMvL94LHh95/JC0itdXa3
-            uNRDtSnfbNe4eHw9/HMDkclhywuE+hbyq+JNNodqLwG/o1/r3GI+ggOyCdZHjF4B
-            4R8QXUJiqUdcbR3WQDR5i10CAwEAAQ==
-            -----END PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    petrosilia = {
-      owner = config.krebs.users.jan;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.143.11";
-          aliases = [
-            "petrosilia.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIICCgKCAgEAxDumQ/06Yd3AQPSlHH9/kNngbc/tq5yBuT0ymbQGMHLL9X3pCz/f
-            y9GZVpQtaKm7EZ0Kj8ieaPOyG7BItH0AvTdSJV7rn4WKuKfe5E5S4E8YqsZfSu4N
-            IdEKVIisyBNCklXaDn6A7nxeUauwHQHuj0wOAnYKfaU+2haL+JzcFtQ1RpxDBsy1
-            FbcEXO5NOhsXK4mHjtRrK1GamnCo5gvJU3w1NrfLRXteOOBsR49HhTIWvi8L4tSf
-            fd/mFwWayB7D0feLhWBpMPQTa5TeeQPxhgJrlIwXJiONG8GWFWNCHEjbQaCuJJWn
-            e37n9xCpdH867P921Ei+gyKZi9t6d+U4blrCpQzIe95t8Uv0i2c+YNt9NQL5Z119
-            jt/Xhm7ccT9FeOuYsbjcO6g0BJumILEjD309vfQfWNims++vMd53q3dzxp4Kau+f
-            vdMyrzWiIytM+/iQmneG8XLv0b7I6FUPEahpCncZ14NqBDaKclwoJ/HfB+WZi6JV
-            yBVJHm9vogfzD1sLmDctHps3uJAeZHzszws8LMKdd5JxxQzVBRcrD1LKHYmmUYTU
-            5gyDxnFn8ZoZ3GFVH+5v2PJgZY++/6zdDxQ9flrdt2zRaoAq2Zayn7R8sQ/ZjMXK
-            eR8aXgHzEL/n/9BMKs+jLu3j8xaiJX8ctnRvwSnOFjU9wQvJ7QNQHk0CAwEAAQ==
-            -----END RSA PUBLIC KEY-----
-          '';
-          tinc.pubkey_ed25519 = "Rs5jdJk/YF4aXohp3isau4LHinD4VWlvSa9CcgznR+A";
-        };
-      };
-    };
     tpsw = {
       owner = config.krebs.users.ciko; # main laptop
       nets = {
@@ -629,9 +575,6 @@ in {
     ilmu = {
       mail = "ilmu@rishi.is";
     };
-    jan = {
-      mail = "jan.heidbrink@posteo.de";
-    };
     jonge = {
       mail = "jacek.galowicz@gmail.com";
     };

krebs/2configs/cal.nix

@@ -1,33 +1,116 @@
-{ config, lib, pkgs, ... }:
-{
-  users.users.testing = {
-    uid = pkgs.stockholm.lib.genid_uint31 "testing";
-    isNormalUser = true;
-    openssh.authorizedKeys.keys = [
-      config.krebs.users.xkey.pubkey
-      config.krebs.users.lass.pubkey
-    ];
-    packages = [
-      pkgs.calendar-cli
-      pkgs.tmux
-    ];
-  };
+{ config, lib, pkgs, ... }: let
 
-  services.xandikos = {
+  setupGit = ''
+    export PATH=${lib.makeBinPath [
+      pkgs.coreutils
+      pkgs.git
+    ]}
+    export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i /var/lib/radicale/.ssh/id_ed25519'
+    repo='git@localhost:cal'
+    cd /var/lib/radicale/collections
+    if ! test -d .git; then
+      git init
+      git config user.name "radicale"
+      git config user.email "radicale@${config.networking.hostName}"
+    elif ! url=$(git config remote.origin.url); then
+      git remote add origin "$repo"
+    elif test "$url" != "$repo"; then
+      git remote set-url origin "$repo"
+    fi
+    cp ${pkgs.writeText "gitignore" ''
+      .Radicale.cache
+    ''} .gitignore
+    git add .gitignore
+  '';
+
+  pushCal = pkgs.writeDash "push_cal" ''
+    ${setupGit}
+    git fetch origin
+    git merge --ff-only origin/master || :
+  '';
+
+  pushCgit = pkgs.writeDash "push_cgit" ''
+    ${setupGit}
+    git push origin master
+  '';
+
+in {
+  services.radicale = {
     enable = true;
-    extraOptions = [
-      "--autocreate"
-      "--defaults"
-      "--current-user-principal /krebs"
-      "--dump-dav-xml"
-    ];
+    rights = {
+      krebs = {
+        user = ".*";
+        collection = ".*";
+        permissions = "rRwW";
+      };
+    };
+    settings = {
+      auth.type = "none";
+      server.hosts = [
+        "0.0.0.0:5232"
+        "[::]:5232"
+      ];
+      storage.filesystem_folder = "/var/lib/radicale/collections";
+      storage.hook = "${pkgs.writers.writeDash "radicale-hook" ''
+        set -efu
+        ${setupGit}
+        ${pkgs.git}/bin/git add -A
+        (${pkgs.git}/bin/git diff --cached --quiet || ${pkgs.git}/bin/git commit -m "Changes by \"$1\"")
+        ${pushCgit}
+      ''} %(user)s";
+    };
   };
 
   services.nginx = {
     enable = true;
 
     virtualHosts = {
-      "calendar.r".locations."/".proxyPass = "http://localhost:${toString config.services.xandikos.port}/";
+      "calendar.r".locations."/".proxyPass = "http://localhost:5232/";
     };
   };
+  krebs.git = {
+    enable = true;
+    cgit.settings = {
+      root-title = "krebs repos";
+    };
+    rules = with pkgs.stockholm.lib.git; [
+      {
+        user = [
+          {
+            name = "cal";
+            pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGe1jtHaNFZKmWemWQVEGVYj+s4QGJaL9WYH+wokOZie";
+          }
+        ] ++ (lib.attrValues config.krebs.users);
+        repo = [ config.krebs.git.repos.cal ];
+        perm = push ''refs/heads/master'' [ create merge ];
+      }
+    ];
+    repos.cal = {
+      public = true;
+      name = "cal";
+      hooks = {
+        post-receive = ''
+          ${pkgs.git-hooks.irc-announce {
+            channel = "#xxx";
+            refs = [
+              "refs/heads/master"
+            ];
+            nick = config.networking.hostName;
+            server = "irc.r";
+            verbose = true;
+          }}
+          /run/wrappers/bin/sudo -S -u radicale ${pushCal}
+        '';
+      };
+    };
+  };
+  krebs.secret.files.calendar = {
+    path = "/var/lib/radicale/.ssh/id_ed25519";
+    owner = { name = "radicale"; };
+    source-path = "${<secrets/radicale.id_ed25519>}";
+  };
+
+  security.sudo.extraConfig = ''
+    git ALL=(radicale) NOPASSWD: ${pushCal}
+  '';
 }

krebs/2configs/syncthing.nix

@@ -1,17 +1,21 @@
-{ config, pkgs, ... }: with import <stockholm/lib>; let
+{ options, config, pkgs, ... }: with import <stockholm/lib>; let
   mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
 
   all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
-  used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.declarative.folders));
+  used_peer_names = unique (filter isString (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.folders)));
   used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers;
 in {
   services.syncthing = {
     enable = true;
     configDir = "/var/lib/syncthing";
-    devices = mk_peers used_peers;
     key = toString <secrets/syncthing.key>;
     cert = toString <secrets/syncthing.cert>;
-  };
+    # workaround for infinite recursion on unstable, remove in 23.11
+  } // (if builtins.hasAttr "settings" options.services.syncthing then
+    { settings.devices = mk_peers used_peers; }
+  else
+    { devices = mk_peers used_peers; }
+  );
 
   boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
 }

krebs/3modules/tinc.nix

@@ -190,35 +190,16 @@ with import <stockholm/lib>;
           default = 3;
         };
 
-        user = mkOption {
-          type = types.user;
-          default = {
-            name = tinc.config.netname;
-            home = "/var/lib/${tinc.config.user.name}";
-          };
-          defaultText = {
-            name = "‹netname›";
-            home = "/var/lib/‹netname›";
-          };
+        username = mkOption {
+          type = types.username;
+          default = tinc.config.netname;
+          defaultText = literalExample "netname";
         };
       };
     }));
   };
 
   config = {
-    users.users = mapAttrs' (netname: cfg:
-      nameValuePair "${netname}" {
-        inherit (cfg.user) home name uid;
-        createHome = true;
-        isSystemUser = true;
-        group = netname;
-      }
-    ) config.krebs.tinc;
-
-    users.groups = mapAttrs' (netname: cfg:
-      nameValuePair netname {}
-    ) config.krebs.tinc;
-
     krebs.systemd.services = mapAttrs (netname: cfg: {
       restartIfCredentialsChange = true;
     }) config.krebs.tinc;
@@ -238,11 +219,11 @@ with import <stockholm/lib>;
           )
           "rsa_key.priv:${cfg.privkey}"
         ];
-        ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
+        ExecStartPre = "+" + pkgs.writers.writeDash "init-tinc-${netname}" ''
           set -efu
           ${pkgs.coreutils}/bin/mkdir -p /etc/tinc
           ${pkgs.rsync}/bin/rsync -Lacv --delete \
-            --chown ${cfg.user.name} \
+            --chown ${cfg.username} \
             --chmod u=rwX,g=rX \
             --exclude='/*.priv' \
             ${cfg.confDir}/ /etc/tinc/${netname}/
@@ -255,14 +236,16 @@ with import <stockholm/lib>;
               "$CREDENTIALS_DIRECTORY"/rsa_key.priv \
               /etc/tinc/${netname}/
         '';
-        ExecStart = toString [
+        ExecStart = "+" + toString [
           "${cfg.tincPackage}/sbin/tincd"
           "-D"
-          "-U ${cfg.user.name}"
+          "-U ${cfg.username}"
           "-d 0"
           "-n ${netname}"
         ];
         SyslogIdentifier = netname;
+        DynamicUser = true;
+        User = cfg.username;
       };
     }) config.krebs.tinc;
   };

krebs/5pkgs/simple/cunicu.nix

@@ -0,0 +1,22 @@
+{ lib, pkgs }:
+
+pkgs.buildGo120Module rec {
+  pname = "cunicu";
+  version = "g${lib.substring 0 7 src.rev}";
+
+  buildInputs = [
+    pkgs.libpcap
+  ];
+
+  # XXX tries to access https://relay.cunicu.li
+  doCheck = false;
+
+  src = pkgs.fetchFromGitHub {
+    owner = "stv0g";
+    repo = "cunicu";
+    rev = "3ed8109bef97a10a438e5658c41823b7f812db8e";
+    hash = "sha256-FpOJ6/jmnbpufc+kgKwlLtFhOcc2CTe+FvqeV8WEGMc=";
+  };
+
+  vendorHash = "sha256-eAawhJK9K8/7FCQiYMI9XCPePYsCVF045Di7SpRZvL4=";
+}

krebs/5pkgs/simple/vicuna-chat/default.nix

@@ -0,0 +1,33 @@
+{ pkgs, ... }:
+pkgs.writers.writeDashBin "vicuna-chat" ''
+  set -efu
+
+  export PATH=${with pkgs; lib.makeBinPath [
+    coreutils
+    curl
+    jq
+  ]}
+
+  CONTEXT=''${CONTEXT:-$(date -Id)}
+  PROMPT=$*
+
+  if ! test -e "$CONTEXT"; then
+    echo -n 'null' > "$CONTEXT"
+  fi
+
+  add_to_context() {
+    jq -rc --argjson message "$1" '. + [$message]' "$CONTEXT" > "$CONTEXT.tmp"
+    mv "$CONTEXT.tmp" "$CONTEXT"
+  }
+
+  add_to_context "{\"role\": \"user\", \"content\": \"$PROMPT\"}"
+  response=$(
+    jq -nc --slurpfile context "$CONTEXT" '{
+      model: "vicuna-13b",
+      messages: $context[0],
+    }' |
+      curl -Ss http://vicuna.r/v1/chat/completions -H 'Content-Type: application/json' -d @-
+  )
+  add_to_context "$(jq -rcn --argjson response "$response" '$response.choices[0].message')"
+  jq -rcn --argjson response "$response" '$response.choices[0].message.content'
+''

krebs/nixpkgs-unstable.json

@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "7084250df3d7f9735087d3234407f3c1fc2400e3",
-  "date": "2023-05-22T13:19:02+02:00",
-  "path": "/nix/store/zgv3fzg2lywfqdrv4mghd62s9i6zxhrw-nixpkgs",
-  "sha256": "0nkg8h5ix0sbjqb0gdj5124nbg2gd1nmyl1p14cvlg77fs7afld6",
+  "rev": "7409480d5c8584a1a83c422530419efe4afb0d19",
+  "date": "2023-06-04T22:13:39-04:00",
+  "path": "/nix/store/ljhvmls6vxsg7x93zvaa087y77wh2nzc-nixpkgs",
+  "sha256": "14rv5zjrq5rpqlzc1wzh30yhn8aivwkm2zrh0bh0facbkqwrwigh",
   "fetchLFS": false,
   "fetchSubmodules": false,
   "deepClone": false,

krebs/nixpkgs.json

@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "a17f99dfcb9643200b3884ca195c69ae41d7f059",
-  "date": "2023-05-23T18:09:00+02:00",
-  "path": "/nix/store/2n82i65gv1y54xj3dplkvhfyc8rs1j90-nixpkgs",
-  "sha256": "180ipicp351s99nvn9xvf5nzs5fzxhawfbykaijvaqj63siss13m",
+  "rev": "d4a9ff82fc18723219b60c66fb2ccb0734c460eb",
+  "date": "2023-06-04T14:52:07+02:00",
+  "path": "/nix/store/hnnbh80g4jx19h0ac76qrirai16ld2px-nixpkgs",
+  "sha256": "0ly23mqjzlygsnr0avji6ylyrl90rcqsmkcavg71kd60v8ydmw6c",
   "fetchLFS": false,
   "fetchSubmodules": false,
   "deepClone": false,

lass/1systems/radio/source.nix

@@ -0,0 +1,6 @@
+{ lib, pkgs, test, ... }: let
+  npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
+in if test then {} else {
+  nixpkgs.git.ref = lib.mkForce npkgs.rev;
+  nixpkgs-unstable = lib.mkForce { file = "/var/empty"; };
+}

lass/2configs/fetchWallpaper.nix

@@ -5,7 +5,7 @@ let
 in {
   krebs.fetchWallpaper = {
     enable = true;
-    url = "prism/realwallpaper-krebs-stars-berlin.png";
+    url = "http://wallpaper.r/realwallpaper-krebs-stars-berlin.png";
   };
 }
 

lass/2configs/pipewire.nix

@@ -22,15 +22,14 @@
     pulse.enable = true;
     jack.enable = true;
   };
-
-  systemd.services.wireplumber = {
-    environment = {
-      HOME = "/var/lib/wireplumber";
-      DISPLAY = ":0";
-    };
-    path = [
-      pkgs.dbus
-    ];
-    serviceConfig.StateDirectory = "wireplumber";
+  environment.etc = {
+    "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
+      bluez_monitor.properties = {
+        ["bluez5.enable-sbc-xq"] = true,
+        ["bluez5.enable-msbc"] = true,
+        ["bluez5.enable-hw-volume"] = true,
+        ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
+      }
+    '';
   };
 }

lass/2configs/realwallpaper.nix

@@ -19,8 +19,7 @@ in {
       }
     '';
     serverAliases = [
-      hostname
-      "${hostname}.r"
+      "wallpaper.r"
     ];
     locations."/realwallpaper/".extraConfig = ''
       index on;

lass/2configs/services/radio/default.nix

@@ -82,7 +82,7 @@ in {
   users.users = {
     "${name}" = rec {
       inherit name;
-      createHome = lib.mkForce false;
+      createHome = true;
       group = name;
       uid = pkgs.stockholm.lib.genid_uint31 name;
       description = "radio manager";

lass/2configs/services/radio/news.nix

@@ -1,6 +1,31 @@
 { config, lib, pkgs, ... }:
 let
 
+  tts = pkgs.writers.writeBashBin "tts" ''
+    set -efu
+
+    offset=0
+    OUTPUT=$(mktemp -d)
+    trap 'rm -rf "$OUTPUT"' EXIT
+    SPEAKER=$[ $RANDOM % 900 ]
+    while read line; do
+      echo "$line" |
+        ${pkgs.larynx}/bin/larynx \
+          --model ${pkgs.fetchzip {
+            url = "https://github.com/rhasspy/piper/releases/download/v0.0.2/voice-en-us-libritts-high.tar.gz";
+            hash = "sha256-jCoK4p0O7BuF0nr6Sfj40tpivCvU5M3GHKQRg1tfIO8=";
+            stripRoot = false;
+          }}/en-us-libritts-high.onnx \
+          -s "$SPEAKER" \
+          -f "$OUTPUT"/"$offset".wav
+
+      ((offset+=1))
+    done
+
+    ${pkgs.sox}/bin/sox "$OUTPUT"/*.wav "$OUTPUT"/all.wav
+    cat "$OUTPUT"/all.wav
+  '';
+
   send_to_radio = pkgs.writers.writeDashBin "send_to_radio" ''
     ${pkgs.vorbis-tools}/bin/oggenc - |
       ${pkgs.cyberlocker-tools}/bin/cput news.ogg
@@ -41,16 +66,16 @@ in
   systemd.services.newsshow = {
     path = [
       newsshow
+      tts
       send_to_radio
       gc_news
       get_current_news
-      pkgs.curl
       pkgs.retry
     ];
     script = ''
       set -efu
       retry -t 5 -d 10 -- newsshow |
-        retry -t 5 -d 10 -- curl -fSsG http://tts.r/api/tts --data-urlencode 'text@-' |
+        retry -t 5 -d 10 -- tts |
         retry -t 5 -d 10 -- send_to_radio
     '';
     startAt = "*:00:00";

lass/2configs/themes.nix

@@ -15,6 +15,7 @@
         ${pkgs.coreutils}/bin/chown lass:users /var/theme/current_theme
         ${pkgs.xorg.xrdb}/bin/xrdb -merge /var/theme/config/xresources
         ${pkgs.procps}/bin/pkill -HUP xsettingsd
+        ${pkgs.glib}/bin/gsettings set org.gnome.desktop.interface gtk-theme "$(cat /var/theme/config/gtk-theme)"
       else
         echo "theme $1 not found"
       fi
@@ -37,17 +38,25 @@ in {
   ];
   environment.systemPackages = [
     switch-theme
+    pkgs.dracula-theme
+    pkgs.gnome3.adwaita-icon-theme
   ];
   environment.etc = {
+    "themes/light/gtk-theme".text = ''
+      Adwaita
+    '';
     "themes/light/xsettings.conf".text = ''
-      Net/ThemeName "Adwaita" 
+      Net/ThemeName "Adwaita"
     '';
     "themes/light/xresources".text = ''
       *background: #ffffff
       *foreground: #000000
     '';
+    "themes/dark/gtk-theme".text = ''
+      Dracula
+    '';
     "themes/dark/xsettings.conf".text = ''
-      Net/ThemeName "Adwaita-dark" 
+      Net/ThemeName "Dracula"
     '';
     "themes/dark/xresources".text = ''
       *background: #000000

lass/2configs/weron/client.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+{
+  systemd.services.weron = {
+    wantedBy = [ "multi-user.target" ];
+    environment = {
+      WERON_RADDR = "ws://lassul.us:23420/";
+    };
+    serviceConfig = {
+      ExecStart = pkgs.writers.writeDash "weron" ''
+        ${pkgs.weron}/bin/weron vpn ip \
+          --community krebs \
+          --password aidsballs \
+          --key aidsballs \
+          --ips 10.249.1.0/24 \
+          --verbose 7 \
+          --dev weron
+      '';
+    };
+  };
+}

lass/2configs/weron/signaler.nix

@@ -0,0 +1,13 @@
+{ config, lib, pkgs, ... }:
+{
+  systemd.services.weron-signaler = {
+    wantedBy = [ "multi-user.target" ];
+    environment = {
+    };
+    serviceConfig = {
+      ExecStart = ''${pkgs.weron}/bin/weron signaler --verbose=7 --laddr ":23420"'';
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 23420 ];
+}

tv/2configs/gitrepos.nix

@@ -96,6 +96,9 @@ with import ./lib;
     nix-writers = {
       cgit.desc = "collection of package builders";
     };
+    nixpkgs = {
+      cgit.desc = "Nix Packages collection";
+    };
     pager = {
     };
     populate = {

tv/2configs/sshd.nix

@@ -11,9 +11,11 @@ in {
   ];
   tv.iptables.extra4.nat.PREROUTING = [
     "-d ${cfg.host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT"
+    "-d ${cfg.host.nets.wiregrill.ip4.addr} -p tcp --dport 22 -j ACCEPT"
   ];
   tv.iptables.extra6.nat.PREROUTING = [
     "-d ${cfg.host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT"
+    "-d ${cfg.host.nets.wiregrill.ip6.addr} -p tcp --dport 22 -j ACCEPT"
   ];
   tv.iptables.extra.nat.PREROUTING = [
     "-p tcp --dport 22 -j REDIRECT --to-ports 0"